Larry Casey & OWASP

The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security visible so that people and organisations can make informed decisions about true application security risks.

Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. The OWASP Foundation is a 501c3 not for profit charitable organisation that ensures the ongoing availability and support for our work with your support.

The OWASP Foundation has over 130 local chapters. All meetings are free; simply sign up on the appropriate mailing list and introduce yourself.

The OWASP Application Security Search Engine indexes the best commercial and non-commercial websites on the Internet related to application security. All sites are selected and categorized by OWASP. To suggest a site, please send it to owasp@owasp.org. You can use the links below to refine your search.

For example, if you are only interested in searching the OWASP website, choose the OWASP-only link. All ad revenue goes to support the OWASP Foundation, a 501c3 not-for-profit dedicated to finding and fighting the causes of insecure software.

Sounds great? Does the charter of the organisation include instigating randomly selected, colossally stupid denial-of-service attacks against popular websites? One thing's for sure: they'll never be 'for profit' if the organisations they attack take them to court and sue for damages and/or file charges with local authorities.

Larry Casey, whoever he is, is up for full admittance into the Hall of Monkeys.

Category:OWASP DirBuster Project

DirBuster is a multi-threaded Java application designed to brute-force directory and file names on web/application servers. It is often the case now that what looks like a web server in a default installation state is actually not, and has pages and applications hidden within. DirBuster attempts to find these.

However, tools of this nature are often only as good as the directory and file list they come with. A different approach was taken to generating this one. The list was generated from scratch by crawling the Internet and collecting the directories and files that are actually used by developers! DirBuster comes with a total of 9 different lists (further information can be found below), which makes DirBuster extremely effective at finding those hidden files and directories. And if that were not enough, DirBuster also has the option to perform a pure brute force, which leaves the hidden directories and files nowhere to hide! If you have the time ;)

You said it, jackass.

3rd March 2009 - Version 1.0-RC1

After some major code changes I have opted for a release candidate before 1.0, to weed out any bugs. Features introduced in this release are:

Auto pause when 20 consecutive errors happen

Spelling mistakes corrected

Multi-threaded all the work generation, so multiple dir and file exts are scanned at the same time (this makes it much faster!)

Tip for website operators: block these clowns immediately. Their User-Agent is 'DirBuster-0.12'. Note that robots.txt is purely advisory and a brute-forcer does not consult it, so the block belongs in the web server configuration or the firewall, keyed on that User-Agent (and bear in mind the string is trivially changed, so watch the 404 rate as well). As their requests are all 404s you can count on automatically getting about 150,000 of them, and that is tantamount to denial of service.
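The log-based check described above, as an added example that is not part of the original post or of the DirBuster project: it parses Apache combined-format access log lines, flags any source whose User-Agent contains 'DirBuster' (the agent string named on this page), and, because that string is trivially changed, also flags any source producing more than a threshold of 404s inside a sliding time window. The sample log lines, IP addresses, paths, threshold and window are constructed assumptions; the log is assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache "combined" log format, which is how DirBuster traffic shows up in an access log.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def find_scanners(lines, window=timedelta(minutes=5), threshold=50, ua_markers=("DirBuster",)):
    """Return {ip: [reasons]} for sources that look like a directory brute-forcer.

    Two independent signals (both assumed thresholds, not from the page):
      - the User-Agent contains a known scanner marker, or
      - more than `threshold` 404 responses within any sliding `window`.
    """
    recent_404s = defaultdict(deque)   # ip -> timestamps of recent 404s
    reasons = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                    # skip lines that are not combined format
        ip, ua = rec["ip"], rec["ua"]
        if any(marker.lower() in ua.lower() for marker in ua_markers):
            reasons[ip].add("scanner user-agent")
        if rec["status"] == 404:
            q = recent_404s[ip]
            q.append(rec["ts"])
            # drop 404s that have fallen out of the sliding window
            while q and rec["ts"] - q[0] > window:
                q.popleft()
            if len(q) > threshold:
                reasons[ip].add("404 flood")
    return {ip: sorted(r) for ip, r in reasons.items()}


def log_line(ip, ts, path, status, ua):
    """Build one constructed combined-format line."""
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" {status} 0 "-" "{ua}"'


def constructed_log():
    """Constructed sample log (not the 27 MB log the page mentions), chronological."""
    base = datetime(2009, 5, 22, 1, 41, 56, tzinfo=timezone.utc)
    browser = "Mozilla/5.0 (X11; Linux x86_64) Firefox/3.0"
    entries = []
    # Scanner advertising itself: 60 misses, one per second, as DirBuster-0.12.
    for i in range(60):
        entries.append((base + timedelta(seconds=i),
                        log_line("10.0.0.5", base + timedelta(seconds=i), f"/wl{i}/", 404, "DirBuster-0.12")))
    # Ordinary visitor: a few real pages and two harmless 404s.
    t = base + timedelta(seconds=30)
    for i, (path, status) in enumerate([("/", 200), ("/index.php", 200), ("/favicon.ico", 404),
                                         ("/about", 200), ("/old-link", 404), ("/docs", 200), ("/contact", 200)]):
        entries.append((t + timedelta(seconds=5 * i), log_line("192.0.2.10", t + timedelta(seconds=5 * i), path, status, browser)))
    # Same tool with its User-Agent rewritten to look like a browser: only the 404 rate gives it away.
    t = base + timedelta(minutes=2)
    for i in range(60):
        entries.append((t + timedelta(seconds=i), log_line("198.51.100.7", t + timedelta(seconds=i), f"/backup{i}/", 404, browser)))
    entries.sort(key=lambda e: e[0])
    return [line for _, line in entries]


if __name__ == "__main__":
    for ip, why in find_scanners(constructed_log()).items():
        print(ip, ", ".join(why))
```

Once a source is flagged, the block itself belongs in the web server or firewall rather than in robots.txt: in Apache the usual pattern is a SetEnvIfNoCase rule on the User-Agent header combined with an environment-based deny/Require directive, with a rate-based firewall rule (or fail2ban-style log watcher) catching the renamed copies.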

22/May/2009:01:41:56 - 22/May/2009:02:10:18

Note: the log file, at 27 MB, wasted too much bandwidth and so was removed. And yet it represented but 30 minutes of OWASP traffic. All 404s.